CVE-2019-18678
moderate-risk
Published 2019-11-26
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.
Do I need to act?
~
10.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (8)
Affected Vendors
References (22)
Third Party Advisory
http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1156323
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html
Third Party Advisory
https://usn.ubuntu.com/4213-1/
Third Party Advisory
http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1156323
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html
and 2 more references
46
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
11/34 · Low
Exposure
14/34 · Moderate